VMware Patches Critical Vulnerabilities in Workstation and Fusion (CVE-2024-22267, CVE-2024-22268, CVE-2024-22269, & CVE-2024-22270)

VMware has released a security advisory to address four vulnerabilities impacting VMware Workstation Pro / Player and VMware Fusion. The vulnerabilities are tracked as CVE-2024-22267, CVE-2024-22268, CVE-2024-22269, and CVE-2024-22270. Three of them, CVE-2024-22267, CVE-2024-22269, and CVE-2024-22270, were exploited in the Pwn2Own 2024 security contest.

Aruba Patches Multiple Critical Vulnerabilities in Aruba Access Points

HPE Aruba Networking has released a security advisory to address multiple vulnerabilities impacting Aruba Access Points running InstantOS and ArubaOS 10. The advisory addresses 18 vulnerabilities, eight of which are rated critical. All of the critical-severity vulnerabilities have been given a CVSS score of 9.8.

Microsoft Patch Tuesday, May 2024 Security Update Review

Microsoft has released its May edition of Patch Tuesday. Let’s take a deep dive into the crucial insights from Microsoft’s Patch Tuesday updates for May 2024. The May 2024 edition addressed 67 vulnerabilities, including one critical- and 59 important-severity vulnerabilities. In this month’s security updates, Microsoft has addressed two zero-day vulnerabilities known …

Google Chrome Zero-day Vulnerability Exploited in the Wild (CVE-2024-4761)

Google has released updates to address an actively exploited vulnerability in the Chrome browser. Tracked as CVE-2024-4761, the vulnerability has been given a high severity rating by Google. It is an out-of-bounds write in the V8 JavaScript engine, the component that executes JavaScript code within the application.

Google Chrome Zero-day Vulnerability Exploited in the Wild (CVE-2024-4671)

Google has released updates to address an actively exploited vulnerability in the Chrome browser. Tracked as CVE-2024-4671, the vulnerability has been given a high severity rating by Google. It is a use-after-free in the Visuals component. In the advisory, Google states that it is aware of active exploitation of the vulnerability.

F5 BIG-IP Next Central Manager Multiple Vulnerabilities (CVE-2024-21793 & CVE-2024-26026)

F5 BIG-IP Next Central Manager is vulnerable to two remotely exploitable security flaws, CVE-2024-21793 and CVE-2024-26026. Successful exploitation of the vulnerabilities may allow attackers to gain complete administrative control of the device and subsequently create accounts on any F5 assets managed by the Next Central Manager.

Tinyproxy HTTP Connection Headers Use After Free Vulnerability (CVE-2023-49606)

A significant unpatched vulnerability in the HTTP/HTTPS proxy tool Tinyproxy exposes more than 50,000 Tinyproxy hosts on the internet. Tracked as CVE-2023-49606, the vulnerability has a critical severity rating with a CVSS score of 9.8. It is a use-after-free in the parsing of HTTP Connection headers in Tinyproxy. A specially crafted HTTP header can trigger the …

HPE Aruba Networking Patches Critical Vulnerabilities Impacting ArubaOS (CVE-2024-26304, CVE-2024-26305, CVE-2024-33511, & CVE-2024-33512)

Aruba Networking has released security updates to address ten critical- and medium-severity vulnerabilities in ArubaOS. Four vulnerabilities have been rated critical with a CVSSv3 score of 9.8: CVE-2024-26304, CVE-2024-26305, CVE-2024-33511, and CVE-2024-33512. Successful exploitation of these vulnerabilities may lead to remote code execution.

Progress Flowmon OS Command Injection Vulnerability (CVE-2024-2389)

Progress has released a patch to address a critical-severity vulnerability in Flowmon. Tracked as CVE-2024-2389, the vulnerability has been given a CVSS base score of 10. Successful exploitation allows an unauthenticated, remote attacker to execute arbitrary commands on a targeted system.

Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software Vulnerabilities Exploited in the Wild (CVE-2024-20353 & CVE-2024-20359)

Cisco has released software updates to address two actively exploited vulnerabilities in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software (CVE-2024-20353 and CVE-2024-20359). Successful exploitation of the vulnerabilities may result in remote code execution and denial-of-service (DoS) conditions. CISA added the vulnerabilities to its Known Exploited Vulnerabilities Catalog, acknowledging …